I found this code online and was wondering what it does and how it works.

$_SESSION['token'] = md5(session_id() . time());

Mainly wondering what the time thing does. We're using this to prevent someone from reposting the same comment/review on a review thing when they click refresh. Wanted to make sure it wasn't going to be messing up if the user came back to the site at the same time the next day; didn't really know what it did. Would the number ever duplicate itself?

XterM

11-24-2011, 06:54 AM

That command creates a unique token. The token is made from a combination of session_id() and time(). session_id is unique to each browser, and time() is unique by time. It is then hashed with md5.

Then include the token in any link or action, and compare session[token] with the included token. If they are not equal, the action is canceled.
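The flow described in the reply above (issue a token, embed it in the form, compare on submit), as an added example that is not part of the original thread. It uses random_bytes() in place of md5(session_id() . time()) and compares with hash_equals(); the helper names issue_token() and consume_token(), and the $session array standing in for $_SESSION, are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. issue_token() and consume_token() are hypothetical helpers.
// $session stands in for $_SESSION so the script also runs from the CLI;
// in a web request, call session_start() and pass $_SESSION instead.

function issue_token(array &$session): string
{
    // random_bytes() draws from a CSPRNG, so the value cannot be rebuilt
    // from the session id and the server clock the way
    // md5(session_id() . time()) can.
    $session['token'] = bin2hex(random_bytes(32));
    return $session['token'];
}

function consume_token(array &$session, ?string $submitted): bool
{
    $expected = $session['token'] ?? null;
    // Single use: the stored token is dropped on every attempt, so a
    // refresh that re-sends the same POST data has nothing left to match.
    unset($session['token']);
    if (!is_string($expected) || !is_string($submitted)) {
        return false;
    }
    // Constant-time comparison of the stored and submitted values.
    return hash_equals($expected, $submitted);
}

// Constructed walk-through: render the form, submit once, then refresh.
$session = [];
$formToken = issue_token($session); // value for a hidden <input name="token">
$post = ['token' => $formToken, 'review' => 'Great product']; // constructed POST data

$attempts = [
    'first submit'          => $post['token'],
    'refresh (same POST)'   => $post['token'],
    'request without token' => null,
];

foreach ($attempts as $label => $token) {
    $result = consume_token($session, $token) ? 'save review' : 'reject';
    echo $label . ': ' . $result . PHP_EOL;
}
```

A new token has to be issued each time the form is rendered, otherwise the next legitimate submission is rejected as well.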

jonmarsh80

11-24-2011, 09:37 PM

A session is a single-user object, and one person can log in at one time with one session. It has a limited lifetime, after which the session times out. Multiple users can't access one account at the same time.